AMENDMENTS TO THE CLAIMS 

Claims 1-4, 6-36, and 38-48 were pending at the time the Office Action was issued. 

Claims 1, 10, 1 1, 18, 20, 36, 38 and 48 have been amended. 

Claims 9 and 19 have been cancelled. 

Claims 1-4, 6-8, 10-36, and 38-48 remain pending. 

The following listing of claims replaces all prior versions and listings of claims in the 
application. 

1. (Currently Amended) A method of processing multiple types of security 
schemes, comprising: 

receiving a message having an associated a first token and a second token , 
wherein the first token is in a first format and the second token is in a second format that 
is different from the first format , associated with a same subject; 

authenticating the first token by extracting a first claim from the first token and 
authenticating the second token by extracting a second claim from the second token, 
wherein the first and second claims comprise a statement different statements about the 
subject; and 

grouping the first and second claims into a claim collection by selectively 
mapping the first claim [[to]] and the second claim to other claims ; and 

authorizing access to a resource referred to in the message based at least in part on 
the first and second claims by mapping them to other claims . 
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2. (Original) The method of claim 1, further comprising obtaining another claim 
from the token. 

3. (Original) The method of claim 1, further comprising rejecting the message as 
a function of the first claim. 

4. (Original) The method of claim 1, further comprising rejecting the message as 
a function of the second claim. 

5. (Cancelled) 

6. (Original) The method of claim 1, further comprising obtaining a resource 
identifier from the message. 

7. (Original) The method of claim 6, wherein obtaining the resource from the 
message comprises applying an XPath expression. 

8. (Original) The method of claim 6, wherein the resource identifier comprises a 
property of the message. 



9. (Cancelled) 



10. (Currently Amended) The method of claim 6 [[9]], wherein the resource 
identifier comprises a property of the computing system's runtime environment. 

11. (Currently Amended) The method of claim 6 [[9]], wherein a resource 
corresponding to the resource identifier is stored by the computing system. 

12. (Original) The method of claim 1, further comprising sending a return 
message to a sender of the message, wherein the return message includes information 
regarding the second claim. 

13. (Original) The method of claim 12, wherein the information regarding the 
second claim comprises the second claim. 

14. (Original) The method of claim 1, further comprising obtaining a third claim 
from the first claim. 

15. (Original) The method of claim 1, further comprising obtaining a third claim 
from the second claim. 

16. (Original) The method of claim 1, further comprising selectively rejecting the 
first claim. 
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17. (Original) The method of claim 1, wherein the token is received out-of-band 
from the message. 

18. (Currently Amended) The method of claim 1, further comprising sending 
the message, the first token and [[a]] the second token to another entity, wherein the 
second token includes information related to the second claim. 

19. (Cancelled) 

20. (Currently Amended) A system configured to process multiple types of 
security schemes, the system comprising: 

one or more computer processors; and 

one or more computer readable storage media, executable by the one or more 
computer processors, to store: 

a first module to extract a first claim from a first token and a second claim 
from a second token associated with a message, wherein the message has an 
associated subject and the first claim and the second claim claims comprise a 
statement different statements related to the subject; and 

a second module to selectively map the first claim and [[to]] the second 
claim to other claims . 

21. (Original) The system of claim 20 further comprising a third module to 
determine as a function of the first claim whether the message is to be rejected. 
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22. (Original) The system of claim 20, further comprising a third module to 
determine as a function of the second claim whether the message is to be rejected. 

23. (Original) The system of claim 20, further comprising a module to form a 
claim collection that includes the first and second claims. 

24. (Original) The system of claim 20, further comprising a module to selectively 
obtain a resource identifier from the message. 

25. (Original) The system of claim 24, wherein the module to obtain the resource 
identifier from the message is to selectively apply an XPath expression to obtain the 
resource identifier. 

26. (Original) The system of claim 24, wherein the resource identifier comprises a 
property of the message. 

27. (Original) The system of claim 20, further comprising a module to selectively 
obtain a resource identifier from a computing system in which the first and second 
modules reside. 

28. (Original) The system of claim 27, wherein the resource identifier comprises a 
property of the computing system's runtime environment. 
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29. (Original) The method of claim 27, wherein a resource corresponding to the 
resource identifier is stored by the computing system. 

30. (Original) The system of claim 20, further comprising a module to selectively 
send a return message to a sender of the message, wherein the return message includes 
information regarding the second claim. 

31. (Original) The system of claim 30, wherein the information regarding the 
second claim comprises the second claim. 

32. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the first claim. 

33. (Original) The system of claim 20, wherein the second module is to 
selectively obtain a third claim from the second claim. 

34. (Original) The system of claim 20, wherein the second module is to 
selectively reject the first claim. 

35. (Original) The system of claim 20, wherein the first module is to receive the 
token out-of-band from the message. 
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36. (Currently Amended) The system of claim 20, further comprising a 
module to send the message, the first token and [[a]] the second token to another entity, 
wherein the second token includes information related to the second claim. 

37. (Cancelled) 

38. (Currently Amended) A computer-readable storage medium storing 
computer-executable instructions that, [[when]] executed by a processor, performs acts 
comprising: 

receiving a message having an associated a first token and a second token , 
wherein the first token is in a first format and the second token is in a second format that 
is different from the first format, associated with a same subject; 

obtaining a first claim from the first token and a second claim from the second 
token, wherein the first and second claims comprise a statement different statements 
about the subject; and 

selectively mapping the first claim [[to]] and the second claim to other claims . 

39. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising rejecting the message as a function of the first claim. 

40. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising rejecting the message as a function of the second claim. 



41. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising obtaining a resource identifier from the message. 

42. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising obtaining a resource from a computing system reading the machine- 
readable medium. 

43. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising sending a return message to a sender of the message, wherein the 
return message includes information regarding the second claim. 

44. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising obtaining a third claim from the first claim. 

45. (Previously Presented) The computer-readable storage medium of claim 44, 
further comprising rejecting the message as a function of the third claim. 

46. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising obtaining a third claim from the second claim. 

47. (Previously Presented) The computer-readable storage medium of claim 38, 
further comprising selectively rejecting the first claim. 
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48. (Currently Amended) The computer-readable storage medium of claim 38, 
further comprising sending the message, the first token and [[a]] the second token to 
another entity, wherein the second token includes information related to the second claim. 
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